Hacking Microsoft RDP for Fun and Profit

Post-exploitation the easy way

Microsoft RDP is a powerful feature shipped with almost every edition of
Microsoft Windows. It lets users log in remotely while keeping the
familiar graphical and audio experience. However, Microsoft has
restricted RDP in so many ways that even ordinary users resort to
third-party patches to enable missing features (such as concurrent
sessions, which are disabled on client editions).

Nowadays many professional cyber attacks are carried out by hand in the
post-exploitation stage, over a malicious VNC connection, rather than
through an automated trojan payload. Such attacks are still rare,
because a custom implementation of a remote desktop protocol is
resource-intensive and often unreliable. But what if an attacker
instead builds a malicious remote desktop backdoor on top of
functionality that Microsoft Windows already ships by default?

In this presentation we will discuss the Microsoft RDP internals, and
how an attacker might subvert them for fun and profit.